</div></div></blockquote><div><br></div><div>Why a fork ?!<br></div><div>There are bugs, some of them are set to be security risks, but you can never avoid bugs.<br></div><div>And when C and C++ are your main programming language, the number of bugs raises, due to so many reasons such as:<br>

</div><div>1. memory management (with all of it&#39;s issues)<br></div><div>2. In-proper data input <br></div><div>3. hard code to read and understand<br><br></div><div>etc... <br><br></div><div>I do think that the heartbleed issue was anything else but a bug, and rewriting code will not make things less vulnerable for the next big bug that might exists.<br>

<br></div><div>So why do they fork it ?!<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div>They crave for more people to help. <br>

<div style="direction:ltr" bgcolor="#FFFFFF" text="#000000">
<div>If any of you guys and gals think this
isn&#39;s serious, think twice. The CloudFlare SSL Heartbleed
challenge site&#39;s SSL key was stolen within hours of being
announced. There is a wave of security compromises all over the
world and sane CAs are offering free renewals of SSL certificates.<div><br>
<br>
On 04/11/2014 08:35 AM, Eli Billauer wrote:<br>
</div></div><div>
<blockquote type="cite">
<pre>Hi all,

I suppose that the security freaks already know about this, and still,
this seems important enough for an alert.

In a nutshell, a bug in the mechanism that allows keepalive messages to
be sent to maintain an SSL link, also allows, accidentally, a remote
attacker to read a segment of up to 64 kBytes from the server&#39;s memory.
It&#39;s doesn&#39;t give access to any chunk of 64 kBytes, but it&#39;s a segment
which is likely to be dirty with data that belongs to the process
running openSSL. So there&#39;s a chance that data related to private keys
and passwords is revealed this way.